@marimo-team/islands 0.21.2-dev15 → 0.21.2-dev16

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/dist/main.js +9 -7
  2. package/package.json +1 -1
  3. package/src/plugins/core/sanitize-html.ts +25 -18
package/dist/main.js CHANGED
@@ -32276,12 +32276,14 @@ ${c.sqlString}
32276
32276
  afterCursorCode: getEditorCodeAsPython(e, v)
32277
32277
  };
32278
32278
  }
32279
- var TEMPORARY_ATTRIBUTE = "data-temp-href-target";
32280
- purify.addHook("beforeSanitizeAttributes", (e) => {
32281
- e.tagName === "A" && (e.hasAttribute("target") || e.setAttribute("target", "_self"), e.hasAttribute("target") && e.setAttribute(TEMPORARY_ATTRIBUTE, e.getAttribute("target") || ""));
32282
- }), purify.addHook("afterSanitizeAttributes", (e) => {
32283
- e.tagName === "A" && e.hasAttribute(TEMPORARY_ATTRIBUTE) && (e.setAttribute("target", e.getAttribute(TEMPORARY_ATTRIBUTE) || ""), e.removeAttribute(TEMPORARY_ATTRIBUTE), e.getAttribute("target") === "_blank" && e.setAttribute("rel", "noopener noreferrer"));
32284
- });
32279
+ if (typeof document < "u") {
32280
+ let e = "data-temp-href-target";
32281
+ purify.addHook("beforeSanitizeAttributes", (r) => {
32282
+ r.tagName === "A" && (r.hasAttribute("target") || r.setAttribute("target", "_self"), r.hasAttribute("target") && r.setAttribute(e, r.getAttribute("target") || ""));
32283
+ }), purify.addHook("afterSanitizeAttributes", (r) => {
32284
+ r.tagName === "A" && r.hasAttribute(e) && (r.setAttribute("target", r.getAttribute(e) || ""), r.removeAttribute(e), r.getAttribute("target") === "_blank" && r.setAttribute("rel", "noopener noreferrer"));
32285
+ });
32286
+ }
32285
32287
  function sanitizeHtml(e) {
32286
32288
  let r = {
32287
32289
  USE_PROFILES: {
@@ -70798,7 +70800,7 @@ Image URL: ${r.imageUrl}`)), contextToXml({
70798
70800
  return Logger.warn("Failed to get version from mount config"), null;
70799
70801
  }
70800
70802
  }
70801
- const marimoVersionAtom = atom(getVersionFromMountConfig() || "0.21.2-dev15"), showCodeInRunModeAtom = atom(true);
70803
+ const marimoVersionAtom = atom(getVersionFromMountConfig() || "0.21.2-dev16"), showCodeInRunModeAtom = atom(true);
70802
70804
  atom(null);
70803
70805
  var import_compiler_runtime$89 = require_compiler_runtime();
70804
70806
  function useKeydownOnElement(e, r) {
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@marimo-team/islands",
3
- "version": "0.21.2-dev15",
3
+ "version": "0.21.2-dev16",
4
4
  "main": "dist/main.js",
5
5
  "types": "dist/index.d.ts",
6
6
  "type": "module",
package/src/plugins/core/sanitize-html.ts CHANGED
@@ -2,28 +2,35 @@
2
2
  import DOMPurify, { type Config } from "dompurify";
3
3
 
4
4
  // preserve target=_blank https://github.com/cure53/DOMPurify/issues/317#issuecomment-912474068
5
- const TEMPORARY_ATTRIBUTE = "data-temp-href-target";
6
- DOMPurify.addHook("beforeSanitizeAttributes", (node) => {
7
- if (node.tagName === "A") {
8
- if (!node.hasAttribute("target")) {
9
- node.setAttribute("target", "_self");
10
- }
5
+ // Guard for non-browser environments (e.g. Node.js in the marimo-lsp extension)
6
+ // where `document` is not available.
7
+ if (typeof document !== "undefined") {
8
+ const TEMPORARY_ATTRIBUTE = "data-temp-href-target";
9
+ DOMPurify.addHook("beforeSanitizeAttributes", (node) => {
10
+ if (node.tagName === "A") {
11
+ if (!node.hasAttribute("target")) {
12
+ node.setAttribute("target", "_self");
13
+ }
11
14
 
12
- if (node.hasAttribute("target")) {
13
- node.setAttribute(TEMPORARY_ATTRIBUTE, node.getAttribute("target") || "");
15
+ if (node.hasAttribute("target")) {
16
+ node.setAttribute(
17
+ TEMPORARY_ATTRIBUTE,
18
+ node.getAttribute("target") || "",
19
+ );
20
+ }
14
21
  }
15
- }
16
- });
22
+ });
17
23
 
18
- DOMPurify.addHook("afterSanitizeAttributes", (node) => {
19
- if (node.tagName === "A" && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
20
- node.setAttribute("target", node.getAttribute(TEMPORARY_ATTRIBUTE) || "");
21
- node.removeAttribute(TEMPORARY_ATTRIBUTE);
22
- if (node.getAttribute("target") === "_blank") {
23
- node.setAttribute("rel", "noopener noreferrer");
24
+ DOMPurify.addHook("afterSanitizeAttributes", (node) => {
25
+ if (node.tagName === "A" && node.hasAttribute(TEMPORARY_ATTRIBUTE)) {
26
+ node.setAttribute("target", node.getAttribute(TEMPORARY_ATTRIBUTE) || "");
27
+ node.removeAttribute(TEMPORARY_ATTRIBUTE);
28
+ if (node.getAttribute("target") === "_blank") {
29
+ node.setAttribute("rel", "noopener noreferrer");
30
+ }
24
31
  }
25
- }
26
- });
32
+ });
33
+ }
27
34
 
28
35
  /**
29
36
  * This removes script tags, form tags, iframe tags, and other potentially dangerous tags